The cybersecurity community is working hard on technologies and solutions that will protect people and businesses in 2023 and beyond. But hackers do not stand aside and try to use new technologies to deceive users and security solutions. How does Bitdefender see 2023 when it comes to cyber threats?

BitdefenderPhoto: Bitdefender

IoT: More vulnerabilities that are hard to patch

Cyber ​​attackers will continue to exploit readily available vulnerabilities in many IoT platforms and devices. Poor authentication, insecure data transmission, cloud misconfiguration, remote code execution and command injection attacks, and privacy issues are among the most common and persistent challenges that require collaboration between the IoT device industry and the IT security community.

As a first step in the right direction, major smart home device manufacturers have started using the Matter protocol. Matter brings together security best practices, and the hope is that the entire IoT community will begin to move in the same direction of interoperability, simplicity, and a common set of security standards.

However, today’s slow remediation of vulnerabilities is not expected to improve significantly until governments implement various regulations, such as the 2020 IoT Cybersecurity Improvement Act in the United States or the EU’s Cyber ​​Resilience Act (which could enter into force in 2025). . They introduce mandatory cybersecurity requirements for IoT devices.

Resilience of ransomware

Ransomware will continue to affect Microsoft Windows systems in particular. The latest cyber threats are spreading quickly, and attackers can take advantage of Ransomware-as-a-Service (RaaS) suites to easily and cheaply build and deploy many of their own variants.

In 2022, ransomware groups have adapted to the ever-changing world by improving their blackmail techniques and changing the programming language of their code. BlackCat RaaS, for example, developed malware using Rust, which is considered a more secure programming language than C and C++.

This year, these cybercriminal groups are expected to look for new technological solutions, such as new methods of circumventing security solutions. Cyberthreats written in non-traditional (for hackers) programming languages ​​like Rust, Go or Swift will become more common, and this not only helps avoid detection and makes analysis more difficult for security researchers, but also allows ransomware to attack a larger number of users on different operating systems.

SMS from hackers

Attackers will continue to create cyber threats that spread through links received via text messages, such as FluBot. This type of Android threat is very difficult to master and can easily be adapted to the current social or political situation. The threat copies and spreads through all the victim’s contacts and steals bank details stored on the phone. An SMS can notify the target of a failed delivery, make recommendations for reducing the electricity bill, or invite the target to view a photo belonging to a friend.

As Ukraine seeks to retake part of its territory from Russian invaders in 2023, Russian hacktivists are expected to retaliate by continuously attacking Ukrainian and Western organizations with various cyber threats. Russian state groups are expected to make the cyber threats they develop available to anyone interested in receiving them.

The evolution of cyber security

As attackers continue to modify and revise their tactics, cybersecurity is changing. The market is expected to continue to grow in 2023 as cyber insurance service providers implement more appropriate system checks and monitoring capabilities in companies. That’s why managed detection and response (MDR) services are becoming a key tool to help organizations qualify for such insurance in the new year.

In a similar trend, more and more organizations will move from traditional cyber prevention mechanisms to more holistic prevention, detection and response mechanisms.

According to the December 2022 Bitdefender Cybersecurity Posture Survey, 53% of organizations have already moved to a prevention, detection and response approach. Of those still focused on prevention alone, 12% are testing and 32% are considering adopting a more proactive cybersecurity strategy in the near future.

Cybersecurity teams will continue to grow, but budget and staffing challenges will likely push organizations to opt for more automated solutions. Only 18% of respondents to Bitdefender’s survey have cybersecurity staff in their IT departments, as cybersecurity remains one of many IT tasks for the vast majority.